using System;
using SecuBat.Analysis.Common;
using SecuBat.AttackPlugin;

namespace SecuBat.AttackPlugins.SimpleXss
{
	/// <summary>
	/// Summary description for SimpleXssAnalysis.
	/// </summary>
	[AnalysisPlugin]
	public class XssScenarioCredentialsAnalysis : HtmlInjectionAnalysis, IAnalysis
	{
		private String _formDomain;

		public string FormDomain
		{
			get { return _formDomain; }
			set { _formDomain = value; }
		}

		public XssScenarioCredentialsAnalysis(ICommonData data) : 
			base(data, "")
		{
			FormDomain = "";
		}

		public override void DoAnalysis()
		{
			base.DoAnalysis ();

			// If the xss attack was successful, check if the domain contains sensitive information
			if (this.AnalysisResult > 0)
			{
				XssScenarioCredentialsCommonData xssData = this.Data as XssScenarioCredentialsCommonData;
				if (xssData != null && FormDomain.Length > 0)
				{
					if (xssData.SensitiveDomains.ContainsKey(FormDomain))
					{
						this.AnalysisText = 
							String.Format("Successfull XSS attack & potentially sensitive information on this domain ({0}) using the forms with IDs: {1}; ", 
								this.FormDomain, xssData.SensitiveDomains[this.FormDomain]) + this.AnalysisText;
					}
					else
					{
						// The attack scenario is not interested in not sensitive domains
						this.AnalysisResult = 10;
						this.AnalysisText = 
							String.Format("Successfull XSS attack BUT no potentially sensitive data found on this domain ({0}).; ", 
							this.FormDomain) + this.AnalysisText;
					}
				}
			}
			else
			{
				this.AnalysisText = "Failed XSS attack; " + this.AnalysisText;
			}
		}
	}
}
